As you will be aware, in the UK there is a national NHS initiative to replace patients’ paper medical records with electronic health records (EHRs). Although a national initiative, trusts are implementing this locally with different service providers. At several trusts this consists of scanning all written records into the EHR and destroying original source documents (both historic records and current visits).
As inspectors, we have seen various types of EHR on our investigator site inspections and in several cases we have given major findings where they did not meet the requirements of Good Clinical Practice (GCP). Some examples of the issues we have identified include (but are not limited to) the following:
Access & security
- The system did not allow access limited to trial patients for external (and internal) monitors and therefore direct access had been denied to the monitor. The lack of appropriate functionality of the system resulted in researchers being required to print out records in an unsuccessful attempt to make certified copies of source documents/data, with additional procedures and resources required to do this.
- There were printouts of source documents from the EHR systems which the monitors had used for source data verification (SDV), but there was no evidence that these had been certified copies. The limited information printed was not the entire health record as the patients’ medical history information was not present and sometimes there were gaps in the records during the trial (including adverse events recorded in the EHR) resulting in missing visits and data in the printed records.
- The source data printouts did not contain all the relevant source data. For example, it was advised that the arm in which the vaccination was given was not recorded in the EHR, so this was documented in a paper source worksheet. However, on direct review of the EHR during inspection, the vaccination arm had been recorded, but there was no ability to print this EHR source data. On comparison of the EHR and source worksheet there were a number of discrepancies in the recorded vaccination arm.
- Monitors were not aware of the location of all of the source data/documents as other systems were available and examined during the inspection that the monitor had not accessed previously.
Scanning & certified copies
- There was a lack of quality control (QC) of scanning and upload to the EHR to ensure it was a certified copy of the original. As a result, there were pages that were unreadable due to:
- poor quality
- missing parts of the page
- black and white scanning resulting in loss of associated metadata
- loss of source data in the transfer of electronic data to the EHR (for example, vitalograph readings of the actual blood pressure value: available in the live system but not contained in the EHR - only the chart).
- The EHR was a scanned archive of the paper medical records. Finding and verifying source data was hindered as the EHR was not easy to navigate. For example, the EHR only contained batches of documents identified by the scan date, and the documents within each scan package were not in chronological order but sorted by scan date - therefore each record needed to be opened to identify the period of hospital notes they related to – and the records contained numerous blank pages.
- In the EHR, records were not indexed or chronological, also a single in-patient episode spanned 94 separate records which had to be opened individually to see what the document was (one document was split over multiple PDFs) and there were duplicates of documents.
- At a single inspection, 2 investigator sites were inspected:
- both sites had EHRs that were scanned archives of the paper medical records. The EHR was not easily navigated due to the reasons outlined above
- at one site, the original source paper medical records were destroyed after 3 months, therefore, if there were any issues with the EHRs - such as missing source data to verify case report form (CRF) entries in clinical trials - the originals were not retrievable.
- The EHR had no audit trail, or no ability to access the audit trail. As a result, it could not be verified if any changes had been made to the source data, as the EHR only showed the most recent entry and no information relating to any original/changed data, who changed it or when.
- Entries into the EHRs could be deleted and amended. The EHR audit trails had not been reviewed and the audit trail provided post inspection for the EHR was deficient as it did not show what type of changes were being made, such as if the entries were new, deletions or amendments. Due to these deficiencies, integrity of the data could not be confirmed.
- The EHR had a functionality to be locked to prevent further edits to the data entered. However, it was evident that annotations (entries) had not been locked and as such could be edited at any time point. In addition, the principal investigator (PI) confirmed that they did not lock entries and would update open entries throughout the day. There was evidence of unlocked entries when navigating the patients’ EHR.
- The date of entry was typed into the system rather than a system-assigned creation date, therefore the entry that appeared on the screen was the date that the user typed, and it could not be verified when the actual entry occurred.
- The audit trail showed that non-medically or non-clinically qualified personnel had been making entries in the EHR on behalf of the medics. The administration staff used the medics’ dictated notes to make the EHR entries and there was no documented evidence by the investigator to verify that the entries were correct.
- The EHR comprised of many other systems (for example over 300 at one organisation) and only some of these interfaced with the formal EHR. For instance, the accident & emergency department used a separate system, to which access was not provided, therefore it could not be verified if patients had any emergency admissions for Serious Adverse Events (SAEs). The same was true for other support systems, such as laboratory, radiology, etc.
- The medical review of the laboratory results was undertaken in the EHR, but a paper printout (with automatic print date) of the results was signed retrospectively and dated with the “date the doctor looked at the results in the EHR”, whilst review of the results in the EHR required the reviewer to confirm this in the system, this had not been done, and the audit trail to confirm that the doctor had accessed this information was not available. It could not be verified that the results were in fact reviewed on the stated date as there was no contemporaneous evidence.
- The EHR was used for the investigator to review laboratory results related to primary outcome measures. The system had no audit trail to demonstrate that this had been done, therefore, no medical oversight could be demonstrated.
- The source documents for the trial were paper, but were not contained in the EHR, therefore it was not possible for other healthcare professionals who may be involved in the patient’s care to see the information concerning the trial visits and patient assessments undertaken.
Because of these issues you will likely be aware that the MHRA worked with the Department of Health and published a position statement in 2015 on the expectations for an EHR that would be GCP compliant. The Department of Health’s opinion was that if an EHR was not GCP compliant, then it would also not be fit for standard of care records.
So, what does this position statement say? Well, we expect there to be a validated EHR.
What does this mean? Well, that the EHR is fit for purpose! The system should be robust, meaning:
- adequate levels of security, so people can only access and edit as authorised (for example, access restricted to certain patients. or read-only access)
- there are audit trails showing who had access to what patients and data, what was reviewed and what entries and changes have been made, by whom and when
- that the scanning and uploading of paper originals is done using a formalised procedure, which covers the scanning, uploading and QC of the paper records to ensure these are certified copies before they are destroyed
- the data should be chronological, legible and in a searchable format.
Since this position statement was released, many research & development (R&D) departments have advised they are now included on the trust/health board committees for EHRs. However, we do continue to have significant issues with EHRs on inspection, as there are still many trusts that have not made progress.
Having said that, we are starting to see improvements and below are some positive examples where trust and health boards have made progress:
- we have seen EHRs with the ability to provide direct access to limited patients - the monitors request which patients they want to SDV at a visit and access to those individuals is then granted for the duration of the monitoring visit
- where access cannot be restricted to individual patients, some trust/health boards have engaged their Caldicott Guardians and prepared agreements that sponsor representatives must sign and adhere to in order to comply with GDPR - then allowing direct access to the EHR
(please note, however, that MHRA inspectors are not required to sign such agreements due to their regulatory role)
- some trust and health boards’ R&D departments are now downloading and checking access audit trails/reports from the EHR following monitoring visits to ensure only trial subjects have been reviewed by the monitor
- the audit trail functions are now being ‘switched on' to allow the ability to see initial and changed entries, along with who made the entries or changes and when.
The ideal scenario for inspectors and sponsor representatives (monitors and auditors) is to have read-only access restricted to the trial patients. However, we acknowledge with some of the older EHR systems this is not possible - or at least not yet.
Here are some considerations that may help in ensuring your system is as compliant as possible:
- MHRA took advice from the Information Commission Office (ICO) regarding data protection and confirmed that trusts could ask sponsor representatives to sign an agreement to confirm they would only access records from trial patients and, provided the trust has an audit trail and can verify what subjects the sponsor representative accessed, this would be acceptable
- in cases where the electronic systems cannot provide evidence of the review of data (such as review of laboratory results) other ways of documenting the review need to be implemented by sponsors, and this needs to be determined and agreed with the site prior to the trial starting
- ensure you know what the “true” source data is - for example, patient scan results may be a report in the EHR that the monitor has used for SDV, but the true source data is held in radiology, as it is the scanned image with the measurements annotated on it - these are not routinely being looked at
- have a source data agreement between the sponsor and the investigator site - this would help in identifying all the places the source data is collected (in other words, where the data is FIRST collected) so everyone is clear what needs to be accessed and how access will be granted
- refer to the EMA “Reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials” published on 12 August 2010
- look for any eclinical advice and tools online - we cannot recommend any particular product or assessment as this will vary depending on your organisation’s needs and the systems you’re using, however, the eClinical Forum is an example of a website with some useful advice
- if you must use printouts of the EHR, ensure that these are comprehensive and certified copies, also, give consideration as to how they will be retained and archived so there is evidence of what the monitor reviewed and when - there are a number of guidance documents that provide information on certified copies, for example, MHRA GCP guide, ICH GCP E6(R2)
- if the trust or health board is scanning and destroying original paper notes, you may wish to consider asking if these can be retained for trial purposes, however, this may not always be feasible, depending on their policy and procedures, so cannot be expected.
So, in summary, whether you are an investigator site or a sponsor, there are things you can do to ensure your EHRs are fit for clinical trials. I strongly recommend that no matter which you are, it’s worth checking and making sure clinical trials are the best they can be in the UK by ensuring the source data and EHRs are dealt with at the site identification and assessment stage to iron out any issues when dealing with external sponsors/CROs.
Investigator sites - are you aware of your EHRs and how they work and what you might need to do to ensure the sponsor can have access to the right source data when it’s needed? Are you aware of how to access the audit trail for your system? Are you able to demonstrate contemporaneous source data and medical or PI oversight in the electronic environment?
Sponsor and sponsor representatives - it’s really important to address and identify the source data and EHRs as early as possible during the site set up phase and while the contracts are being drafted. We have seen requests by sponsors to sites asking staff to photocopy data once the trial starts, for which they don’t have the resource. This was not discussed with them by the sponsor prior to signing contracts. Remember, clinical trials are run in addition to normal clinical care, so NHS and investigator site resources are already stretched. Any requests impacting on resource should be discussed up front.
The NHS - and the UK - is still thought of by sponsors as a great place to run trials, so let’s keep this reputation by ensuring EHRs are fit for purpose.
Don’t miss the next post, sign up to be notified by email when a new post comes out